Has anyone written any code to look through the squid access log in
conjunction with fail2ban picking up TCP/DENIED 407 errors and then banning
the IP address?
Could be 1 way to do it
--------------------------------------------------
From: "Kinkie" <gkinkie@xxxxxxxxx>
Sent: Saturday, August 08, 2009 2:56 PM
To: "J Webster" <webster_jack@xxxxxxxxxxx>; <squid-users@xxxxxxxxxxxxxxx>
Subject: Re: ban brute force attacks in squid through ncsa
Hello,
this kind of functionality does not really belong to Squid but to
the authentication backend.
Ncsa passwd check script are quite naive and usually do not provide
that kind of protection.
On 8/8/09, J Webster <webster_jack@xxxxxxxxxxx> wrote:
Is there anything in squid to ban brute force attacks on usernames and
passwords via ncsa authentication?
--
/kinkie
